[Dataloss] GA: Security breach involves recent births - 140, 000 notified

Nancy Kramer nekramer at mindtheater.net
Thu May 17 06:43:39 UTC 2007 

If they used SSN for the key to a file that contained parents name and 
address as well as the baby's  SSN it wouldn't be very hard.  One 
SQL  query on the joined files and you would have the info.

Regards,

Nancy Kramer



At 10:45 PM 5/16/2007, lyger wrote:


>And now for tonight's edition of "things that make you go 'hmm'..."
>
>If the records didn't contain names or addresses, then how did the Georgia
>Department of Human Resources match up 140,000 medical records and SSNs of
>infants to their parents mailing addresses so quickly?  And if it wasn't
>"quickly", then how long did they know about the breach before the
>notification process began?
>
>Yes, I know... there's them new-fangled things called "computers".  Am I
>missing something or might there be more to this than currently reported?
>
>
>On Wed, 16 May 2007, Dave wrote:
>
>": " 
>http://www.ajc.com/metro/content/metro/stories/2007/05/16/0517meshrecords.html
>": " http://health.state.ga.us/pdfs/message-20070514.pdf
>": "
>": " by Gayle White
>": " The Atlanta Journal-Constitution
>": " Published on: 05/17/07
>": "
>": " State officials are warning parents of 140,000 Georgia babies that a
>": " security  lapse has exposed some of their personal and medical
>": " information to the risk of  fraud.
>": "
>": " The Georgia Department of Human Resources mailed letters Wednesday to
>": " all  parents of infants born in Georgia between April 1, 2006, and
>": " March 16, 2007,  saying that paper records containing their Social
>": " Security numbers and  information about their medical histories were
>": " improperly discarded.
>": "
>": " The records do not contain names or addresses, said Stuart Brown,
>": " director of  the state's Division of Public Health. He said there is
>": " no evidence that  information from the records has been used
>": " improperly.
>": "
>": " [...]
>_______________________________________________
>Dataloss Mailing List (dataloss at attrition.org)
>http://attrition.org/dataloss
>Tracking more than 208 million compromised records in 658 incidents over 7 
>years.
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.5.467 / Virus Database: 269.7.1/805 - Release Date: 5/15/2007 
>10:47 AM


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.467 / Virus Database: 269.7.1/805 - Release Date: 5/15/2007 10:47 AM

More information about the Dataloss mailing list